"FBI Operation Removes Backdoors from Hacked Exchange Servers in the US"
The US Department of Justice (DOJ) recently revealed that the FBI carried out a court-approved operation to remove malicious web shells from compromised Microsoft Exchange email servers across the US. These web shells are used for backdoor access to the servers. According to the DOJ, the web shells could have allowed continued access to emails and US networks by unauthorized actors. Microsoft released an emergency security update for its Microsoft Exchange email and communications software in early March. It addressed a security vulnerability in versions of the software going back to 2013. Hackers may have hit at least 30,000 organizations in the US to steal email communications. Though many server owners successfully removed the malicious web shells, others were not able to do so, thus hundreds of the web shells have gone unmitigated. The FBI obtained a search warrant to access compromised Exchange servers to copy the malicious web shells and then remove them. The DOJ said the operation was successful. However, other vulnerabilities were not patched, and additional malware placed on servers using the web shells was not removed. This article continues to discuss the FBI's court-approved operation to eliminate malicious web shells from hundreds of systems.
CNET reports "FBI Operation Removes Backdoors from Hacked Exchange Servers in the US"